From: "Roger Pau Monné" <roger.pau@citrix.com>
To: Elias El Yandouzi <eliasely@amazon.com>
Cc: xen-devel@lists.xenproject.org, julien@xen.org,
pdurrant@amazon.com, dwmw@amazon.com,
Hongyan Xia <hongyxia@amazon.com>,
Andrew Cooper <andrew.cooper3@citrix.com>,
George Dunlap <george.dunlap@citrix.com>,
Jan Beulich <jbeulich@suse.com>,
Stefano Stabellini <sstabellini@kernel.org>,
Julien Grall <jgrall@amazon.com>
Subject: Re: [PATCH V3 (resend) 10/19] xen/page_alloc: Add a path for xenheap when there is no direct map
Date: Tue, 14 May 2024 15:07:24 +0200 [thread overview]
Message-ID: <ZkNiDMqk7ijWi7bK@macbook> (raw)
In-Reply-To: <20240513134046.82605-11-eliasely@amazon.com>
On Mon, May 13, 2024 at 01:40:37PM +0000, Elias El Yandouzi wrote:
> From: Hongyan Xia <hongyxia@amazon.com>
>
> When there is not an always-mapped direct map, xenheap allocations need
> to be mapped and unmapped on-demand.
>
> Signed-off-by: Hongyan Xia <hongyxia@amazon.com>
> Signed-off-by: Julien Grall <jgrall@amazon.com>
> Signed-off-by: Elias El Yandouzi <eliasely@amazon.com>
>
> ----
>
> I have left the call to map_pages_to_xen() and destroy_xen_mappings()
> in the split heap for now. I am not entirely convinced this is necessary
> because in that setup only the xenheap would be always mapped and
> this doesn't contain any guest memory (aside the grant-table).
> So map/unmapping for every allocation seems unnecessary.
I'm also concerned by this, did you test that
CONFIG_SEPARATE_XENHEAP=y works properly with the added {,un}map
calls?
If CONFIG_SEPARATE_XENHEAP=y I would expect the memory returned by
alloc_heap_pages(MEMZONE_XEN...) to already have the virtual mappings
created ahead?
The comment at the top of page_alloc.c also needs to be updated to
notice how the removal of the direct map affects xenheap allocations,
AFAICT a new combination is now possible:
CONFIG_SEPARATE_XENHEAP=n & CONFIG_NO_DIRECTMAP=y
> Changes in v2:
> * Fix remaining wrong indentation in alloc_xenheap_pages()
>
> Changes since Hongyan's version:
> * Rebase
> * Fix indentation in alloc_xenheap_pages()
> * Fix build for arm32
>
> diff --git a/xen/common/page_alloc.c b/xen/common/page_alloc.c
> index 9b7e4721cd..dfb2c05322 100644
> --- a/xen/common/page_alloc.c
> +++ b/xen/common/page_alloc.c
> @@ -2242,6 +2242,7 @@ void init_xenheap_pages(paddr_t ps, paddr_t pe)
> void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
> {
> struct page_info *pg;
> + void *ret;
virt_addr maybe? ret is what I would expect to store the return value
of the function usually.
>
> ASSERT_ALLOC_CONTEXT();
>
> @@ -2250,17 +2251,36 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
> if ( unlikely(pg == NULL) )
> return NULL;
>
> + ret = page_to_virt(pg);
> +
> + if ( !has_directmap() &&
> + map_pages_to_xen((unsigned long)ret, page_to_mfn(pg), 1UL << order,
> + PAGE_HYPERVISOR) )
> + {
> + /* Failed to map xenheap pages. */
> + free_heap_pages(pg, order, false);
> + return NULL;
> + }
> +
> return page_to_virt(pg);
> }
>
>
> void free_xenheap_pages(void *v, unsigned int order)
> {
> + unsigned long va = (unsigned long)v & PAGE_MASK;
> +
> ASSERT_ALLOC_CONTEXT();
>
> if ( v == NULL )
> return;
>
> + if ( !has_directmap() &&
> + destroy_xen_mappings(va, va + (1UL << (order + PAGE_SHIFT))) )
> + dprintk(XENLOG_WARNING,
> + "Error while destroying xenheap mappings at %p, order %u\n",
> + v, order);
> +
> free_heap_pages(virt_to_page(v), order, false);
> }
>
> @@ -2284,6 +2304,7 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
> {
> struct page_info *pg;
> unsigned int i;
> + void *ret;
>
> ASSERT_ALLOC_CONTEXT();
>
> @@ -2296,16 +2317,28 @@ void *alloc_xenheap_pages(unsigned int order, unsigned int memflags)
> if ( unlikely(pg == NULL) )
> return NULL;
>
> + ret = page_to_virt(pg);
> +
> + if ( !has_directmap() &&
> + map_pages_to_xen((unsigned long)ret, page_to_mfn(pg), 1UL << order,
> + PAGE_HYPERVISOR) )
> + {
> + /* Failed to map xenheap pages. */
> + free_domheap_pages(pg, order);
> + return NULL;
> + }
> +
> for ( i = 0; i < (1u << order); i++ )
> pg[i].count_info |= PGC_xen_heap;
>
> - return page_to_virt(pg);
> + return ret;
> }
>
> void free_xenheap_pages(void *v, unsigned int order)
> {
> struct page_info *pg;
> unsigned int i;
> + unsigned long va = (unsigned long)v & PAGE_MASK;
>
> ASSERT_ALLOC_CONTEXT();
>
> @@ -2317,6 +2350,12 @@ void free_xenheap_pages(void *v, unsigned int order)
> for ( i = 0; i < (1u << order); i++ )
> pg[i].count_info &= ~PGC_xen_heap;
>
> + if ( !has_directmap() &&
> + destroy_xen_mappings(va, va + (1UL << (order + PAGE_SHIFT))) )
> + dprintk(XENLOG_WARNING,
> + "Error while destroying xenheap mappings at %p, order %u\n",
> + v, order);
I don't think this should be a dprintk(), leaving mappings behind
could be a severe issue given the point of this work is to prevent
leaking data by having everything mapped on the direct map.
This needs to be a printk() IMO, I'm unsure whether freeing the memory
would need to be avoided if destroying the mappings failed, I can't
think of how we could recover from this gracefully.
Thanks, Roger.
next prev parent reply other threads:[~2024-05-14 13:07 UTC|newest]
Thread overview: 70+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-13 13:40 [PATCH V3 (resend) 00/19] Remove the directmap Elias El Yandouzi
2024-05-13 13:40 ` [PATCH V3 (resend) 01/19] x86: Create per-domain mapping of guest_root_pt Elias El Yandouzi
2024-05-14 14:51 ` Jan Beulich
2024-05-15 18:25 ` Elias El Yandouzi
2024-05-16 7:17 ` Jan Beulich
2024-06-13 16:31 ` Elias El Yandouzi
2024-06-14 6:23 ` Jan Beulich
2024-06-17 7:33 ` Roger Pau Monné
2024-05-13 13:40 ` [PATCH V3 (resend) 02/19] x86/pv: Domheap pages should be mapped while relocating initrd Elias El Yandouzi
2024-05-13 15:40 ` Roger Pau Monné
2024-05-13 13:40 ` [PATCH V3 (resend) 03/19] x86/pv: Rewrite how building PV dom0 handles domheap mappings Elias El Yandouzi
2024-05-13 16:49 ` Roger Pau Monné
2024-05-14 14:58 ` Jan Beulich
2024-05-14 15:03 ` Jan Beulich
2024-07-16 16:12 ` Elias El Yandouzi
2024-07-17 10:45 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 04/19] x86: Lift mapcache variable to the arch level Elias El Yandouzi
2024-05-14 8:21 ` Roger Pau Monné
2024-05-15 13:11 ` Jan Beulich
2024-07-16 17:06 ` Alejandro Vallejo
2024-07-17 12:41 ` Alejandro Vallejo
2024-05-13 13:40 ` [PATCH V3 (resend) 05/19] x86/mapcache: Initialise the mapcache for the idle domain Elias El Yandouzi
2024-05-14 8:42 ` Roger Pau Monné
2024-05-15 13:44 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 06/19] x86: Add a boot option to enable and disable the direct map Elias El Yandouzi
2024-05-14 9:20 ` Roger Pau Monné
2024-05-14 10:20 ` Roger Pau Monné
2024-05-15 13:54 ` Jan Beulich
2024-05-16 9:19 ` Roger Pau Monné
2024-05-16 9:24 ` Jan Beulich
2024-05-15 13:59 ` Jan Beulich
2024-05-15 16:02 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 07/19] xen/x86: Add support for the PMAP Elias El Yandouzi
2024-05-14 9:40 ` Roger Pau Monné
2024-05-14 9:43 ` Jan Beulich
2024-05-14 10:22 ` Roger Pau Monné
2024-05-14 10:26 ` Jan Beulich
2024-05-14 11:51 ` Roger Pau Monné
2024-05-14 12:33 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 08/19] xen/x86: Add build assertion for fixmap entries Elias El Yandouzi
2024-05-14 9:42 ` Roger Pau Monné
2024-05-14 9:45 ` Jan Beulich
2024-05-15 14:03 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 09/19] x86/domain_page: Remove the fast paths when mfn is not in the directmap Elias El Yandouzi
2024-05-14 11:48 ` Roger Pau Monné
2024-05-15 14:21 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 10/19] xen/page_alloc: Add a path for xenheap when there is no direct map Elias El Yandouzi
2024-05-14 13:07 ` Roger Pau Monné [this message]
2024-05-15 15:13 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 11/19] x86/setup: Leave early boot slightly earlier Elias El Yandouzi
2024-05-14 14:11 ` Roger Pau Monné
2024-05-15 15:22 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 12/19] x86/setup: vmap heap nodes when they are outside the direct map Elias El Yandouzi
2024-05-14 15:02 ` Roger Pau Monné
2024-05-15 15:28 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 13/19] x86/setup: Do not create valid mappings when directmap=no Elias El Yandouzi
2024-05-14 15:39 ` Roger Pau Monné
2024-05-15 15:50 ` Jan Beulich
2024-05-15 15:59 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 14/19] Rename mfn_to_virt() calls Elias El Yandouzi
2024-05-14 15:45 ` Roger Pau Monné
2024-05-14 16:22 ` Jan Beulich
2024-05-15 9:38 ` Roger Pau Monné
2024-05-15 9:42 ` Jan Beulich
2024-05-16 8:57 ` Jan Beulich
2024-05-13 13:40 ` [PATCH V3 (resend) 15/19] Rename maddr_to_virt() calls Elias El Yandouzi
2024-05-13 13:40 ` [PATCH V3 (resend) 16/19] xen/arm32: mm: Rename 'first' to 'root' in init_secondary_pagetables() Elias El Yandouzi
2024-05-13 13:40 ` [PATCH V3 (resend) 17/19] xen/arm64: mm: Use per-pCPU page-tables Elias El Yandouzi
2024-05-13 13:40 ` [PATCH V3 (resend) 18/19] xen/arm64: Implement a mapcache for arm64 Elias El Yandouzi
2024-05-13 13:40 ` [PATCH V3 (resend) 19/19] xen/arm64: Allow the admin to enable/disable the directmap Elias El Yandouzi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZkNiDMqk7ijWi7bK@macbook \
--to=roger.pau@citrix.com \
--cc=andrew.cooper3@citrix.com \
--cc=dwmw@amazon.com \
--cc=eliasely@amazon.com \
--cc=george.dunlap@citrix.com \
--cc=hongyxia@amazon.com \
--cc=jbeulich@suse.com \
--cc=jgrall@amazon.com \
--cc=julien@xen.org \
--cc=pdurrant@amazon.com \
--cc=sstabellini@kernel.org \
--cc=xen-devel@lists.xenproject.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.